Dear users,a couple of days ago, during the night between Oct 28 and Oct 29 (GMT time, +0000), the credentials of one of our forum administrator were stolen and used to conduct an attack against our wiki, forum, bugzilla installations.The attacker used these credentials to inject php code into our forum FAQ page as a way to install two backdoor scripts (cache2.php and cache3.php) and gain full access to all the user accounts on our web infrastructure (we used a centralized authentication system based on phpbb). In particular, your username, email and encrypted password (we do not store clear text passwords but phpBB uses salted double MD5, which is considered, to some extent, weak by some experts).I have been able to successfully analyze the whole incident (the audit took me a couple of days), and take all the countermeasures needed so that it won’t happen again.In particular, I have improved the alerting system such that it can autonomously and rapidly take action in case of unexpectedly uploaded files to our servers (and much more, btw). The database has been restored from one of our almost-hourly backups.

We apologize for any inconvenience that we may have caused you.We advise you to change your forum, wiki and bugzilla passwords as soon as possible!

P.S.: we will not change the password for you and disabling your account will not fix the problem, you need to change your password. If you don't remember the username associated with your account, please send us a _separate_ and clear email stating your email address and name at website <at> sabayon <dot> org.Alternatively, visit our Facebook page ( https://www.facebook.com/groups/36125411841/ ) or IRC channel (freenode.net #sabayon).

P.P.S.: the attack originated from 199.254.238.0/24, hosted by riseup.net (apparently, they seem to approve this kind of behaviour) which provides vpns and Tor exit nodes. Data seem to have originated from 67.86.121.13 and 46.35.187.43 (according to the X-Forwarded-For field in HTTP requests). If you believe that Internet anonymity is good, well... will you be ready to pay the price of it?

Anonymity is a double-edged sword. Sure we'd all love to not be tracked as we go about our lives, but I'm pretty sure we're happy to pay the price as long as it's someone else who pays it.

This is the second attack against a Linux forum that I've heard of in the last couple of days. Pearlinux forum is offline after a recent attack, pear being more-or-less run solo by David Tavares, and he doesn't have spare time to get it back up & running.

I HAVE changed my password. But though I did, something embarassing happens now the second time here.I started to reply to a post, a thread here, and when I've finished my text, I've checked it, then I've sent it and then:I was ordered to relogin with my password!So, I reloggedin then and all my text, I have written before, was gone, was lost!Why? This did not happen before.Can you fix it, pls, Fabio?Tante grazie.

linuxfluesterer wrote:I HAVE changed my password. But though I did, something embarassing happens now the second time here.I started to reply to a post, a thread here, and when I've finished my text, I've checked it, then I've sent it and then:I was ordered to relogin with my password!So, I reloggedin then and all my text, I have written before, was gone, was lost!Why? This did not happen before.Can you fix it, pls, Fabio?Tante grazie.

-Linuxfluesterer (I love KDE ...)

Check what was written in the first thread..."The database has been restored from one of our almost-hourly backups"

Richlion wrote:Check what was written in the first thread..."The database has been restored from one of our almost-hourly backups"

You say "has been". The incident has happened some days ago already.So, why can I be logged in with remembering me (and my new password)? Why can I open a thread to reply without being asked for my password (again)?And why then I'm not asked for password before I write my reply, so that my text is not completely 'forgotten'?

-Linuxfluesterer (I love KDE ...)

Edit: Now that behavior did not happen (I mean, I was NOT asked for username and password, when I sen this post)